OUCH! Free Content gets hurt by enabled Ad Blockers

Please consider unblocking us or Subscribe in support of our great non-gated content.

Mass attack hits patched Java flaw

- April 24, 2013

Less than a week after Oracle Corp. released a patch for a Java remote code execution vulnerability, the flaw was targeted by cybercriminals infecting unprotected computers with ransomware, according to security researchers.

“A few days after oracle released its critical patch for Java and CVE-2013-2423 are already being exploited,” according to a blog post yesterday by the security company F-Secure. “Upon checking the history, the exploitation seems to have begun April 21st and is still actively happening (as of this post).”

(Image from F-Secure)

CVE-2013-2423 was one of the 42 security issues fixed in the Java 7 Update 21 released by Oracle on April 16.

F-Secure said attacks on the vulnerability started on April 21, a day after the exploit for the flaw was added to Metasploit. Although Metasploit is an open-source tool used by penetration testers it is not uncommon for cybercriminals to adapt Metasploit modules for use in malware toolkits.

In its original advisory, Oracle rated the flaw’s impact at 4.3 in a scale of 10 using the Common Vulnerability Scoring Systems. Oracle said the vulnerability can only be exploited through untrusted Java Web Start applications and untrusted Java applets.

A blog post on the site Malwaredontneedcoffee.com said that CVE-2013-2423 was added into the Web attack tool kit Cool Exploit Kit which is used to install a malware called Reveton.

Reveton is a ransomware used by cybercriminals to extort money from victims. The malware locks down the operating system of an infected machine, warns victims that they had downloaded illegal files and demands that victims pay a fine.

Oracle said users should upgrade to the latest Java 7 version, Update 21, as soon as they can.